e2b23e48734ba6dc5324316abdb6672cbba7478104547fc58761c6a76309f489

Analysis

max time kernel
21s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EXT24-00135005.pdf
Size

109KB
MD5

957b9b911aa5300c54a4ecc53684c1bb
SHA1

de5fc52768f87835952ee4a38000726f5a6376d8
SHA256

24f5bbd1df707a62da14c51f642e2eaae1c3c05cf25d1426d92748943b436c1f
SHA512

f7ed61f724d11ac5f1ed706e84b2203ddb99d07216e2d3650516dbd51ef7f83c775a699d0da94452b6e2f8511049d5a121b9e8d261b5576cd41e7301914eb9d8
SSDEEP

3072:wX+1b2Hs0sjGpUV8EBJcj2PcT4CJzwRLIEQ93yj7m:p2HnZGj84EYIL3Ca

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2096	AcroRd32.exe
2096	AcroRd32.exe
2096	AcroRd32.exe
2096	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\EXT24-00135005.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
67c64b17249e8f981a38c9f596f71c77

SHA1
e99bc237cce7273c41ea87c9604d7065095dfc02

SHA256
3df527267ce46715c617fdf1e7e3fa696c2e4c153d5cc2352b2cec2d036e7075

SHA512
a0fb2c7c4753d4710c60396c74a57a951d74dad5b53546fa8a9b78142fc69580726394907a6396b6c8a785d2edbc3e7d232f649500194bd0d9f08a304b2d00bb

Download Submit